467,915 Members | 1,495 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 467,915 developers. It's quick & easy.

Good Forgot Password Script?

Anyone have a good script to provide users with the opportunity to have
their password changed, and then the new one emailed to them?

Jul 16 '05 #1
  • viewed: 6846
Share:
1 Reply
> Anyone have a good script to provide users with the opportunity
to have their password changed, and then the new one emailed to them?


I just did one. I won't provide the whole damn code, but here's a sketch
of how it works:

(I assume Your user has an account with a unique username and a mail
address. Otherwise this won't work. No new mail address will be accepted
when requesting a new password, of course.)

1. User provides his username in sendpassword.php
2. sendpassword.php does:
* insert username and new random password into a separate
table (not the usertable!)
* send link to ->changepassword.php with username and new
password to mail address from usertable,
commenting that someone (not necessarily the account owner)
has applied for a new password.
3. changepassword.php accepts username and newpassword,
deletes values from temp table and sets new password value
(md5()!)
If You're really nice, provide an input field to change the
random password instantly to a personal password.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!
Security issues:
* All Your password fields are md5 encrypted
* use https, if You can
* use a routine to expire the temp values in a set interval of,
say, 24 hours
* If Your user's data is /very/ delicate, _do_not_use_this_method_!
(Mail is not safe)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!

(anyone have improvements?)

Enjoy coding!

rudi

Jul 16 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by chaos | last post: by
3 posts views Thread by fartingiscool | last post: by
matheussousuke
9 posts views Thread by matheussousuke | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.